A very interesting article about how Google Chrome can be a risk to user personal information written by Tim Wilson at DarkReading.com:
Security flaws in Google Chrome could enable attackers to capture personal data stored in the browser’s history files, researchers said Friday.
In a blog posted last week, researchers at security firm Identity Finder outlined methods for accessing personal data from Chrome’s History Provider Cache, even if the data has been entered on a secure website. Some data also may be accessible through Chrome’s Web Data and History databases, the researchers say.
The researchers found flaws in Chrome’s SQLite and protocol buffers, which sometimes store personal information such as names, email addresses, mailing addresses, phone numbers, bank account numbers, Social Security numbers, and credit card numbers.
“Chrome browser data is unprotected, and can be read by anyone with physical access to the hard drive, access to the file system, or simple malware,” the blog states. “There are dozens of well-known exploits to access payload data and locally stored files.”
The vulnerabilities in Chrome have been known for some time, but the researchers say that their proofs of concept are the first to demonstrate the ease with which attackers could access and steal personal information.
“By connecting the dots, we hope to educate all Chrome users that Chrome stores sensitive data unencrypted, alert users of the risks of stored Chrome data, and encourage individuals and enterprises to engage in sensitive data management best practices,” the blog says.
Read the rest here.